Exhibit A - Proposal - 2021-07-01Managed Information
Technology Services
Request For Proposal
Information Technology Management Services
Costa Mesa Sanitary DistrictPresented on Thursday, May 27th, 2021
Acorn Technology Services
1960 Chicago Ave, Ste E9
Riverside, CA 92507
951.784.3500 (office)
951.320.7066 (fax)
www.acorntechservices.com
May 27, 2021
Costa Mesa Sanitary District
290 Paularino Avenue
Costa Mesa, CA 92626
RE: RFP for Information Technology Management Services for Costa Mesa Sanitary District
Dear District Staff,
Acorn Technology Services is pleased to submit the following proposal in response to the Request for Proposal for
Information Technology Management Services for Costa Mesa Sanitary District, due May 27th, 2021.
It is the hope and intent of the Acorn team that the reader of this proposal gains a more informed understanding of
who we are and what we do. Additionally, it is our desire that Acorn’s commitment to the customer and our aspiration
to be a true IT partner is exemplified throughout our proposal and our references. In this regard, several City leaders
of existing customers previously wrote letters of recommendation illustrating this point and are included in our
proposal as attachments.
As we have done many times in the past and on current projects, we seek balanced solutions for our clients, bringing
significant experience and flexibility to our projects. Acorn is confident that we have the experience, resources, and
infrastructure necessary to deliver outstanding service that will meet or exceed the District's short-term requirements
and long-term IT objectives.
Acorn’s proposal is valid for 60-days from this submittal and Acorn is prepared and staffed to begin work immediately
on the Scope of Services.
Thank you for the opportunity to compete for the District’s business and I look forward to working with you in our joint
efforts to provide the Costa Mesa Sanitary District with the quality Initial Assessment and ongoing Managed IT Services
that it seeks.
Sincerely,
Mickey McGuire
Chief Executive Officer
1960 Chicago Ave, Ste E9
Riverside, CA 92507
951.784.3500 main
951.320.7066 fax
mmcguire@acorntechservices.com
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 1 of 45
2)DESCRIPTION OF FIRM
Acorn Technology Services was originally founded in 2000, and is located in the Riverside Business Technology Park in
Riverside, California. For 20 years, Acorn maintained and operated two of its own data centers; provided wireless
communication networks to Southern California businesses; designed, built, and maintained IT networks for entities
ranging from just a few employees to more than one thousand employees. Acorn’s customers cross into 17 states, Canada,
and Germany. We proudly serve municipalities, libraries, and other local government agencies in Southern California,
including agencies with a responsibility to public safety with police departments and fire departments.
Our team of 50+ members has the depth and breadth of extensive experience in providing Information Technology
Services, including but not limited to: General IT assessments, IT risk assessments, strategic planning, project
management, Managed IT Services; desktop support, server and network administration; systems design and
implementation; disaster recovery; vulnerability scans, critical systems monitoring, system documentation, software and
equipment vendor management, and maintenance with 24 x 7 x 365 technical support.
Using our experience from onboarding and supporting the IT needs for our other municipality and service distracts, such
as the City of Monrovia, City of South Pasadena, the City of Covina, Rubidoux Community Services District and Alpine Users
Water Association, along with the City of La Quinta, the City of Calimesa, and the City of Huntington Beach, our team will
be able to effectively meet the needs of the Costa Mesa Sanitary District.
Acorn’s profile described throughout this proposal will demonstrate Acorn’s core competencies, how those are well-suited
to meet the needs of the District, and how our success in developing and maintaining long-term relationships are
illustrative of our values. This plan lays out the proposed processes and services that Acorn believes will meet the District’s
technical objectives as described within the RFP.
Currently, Acorn does not intend to use any consultants for this project. In the event that something unknown or untoward
occurs, and requires the use of consultants, Acorn would ensure they are properly vetted and approved by the District.
QUALIFICATIONS OF ASSIGNED PERSONNEL
The Costa Mesa Sanitary District Project Team will be headed by Matthew Fuller as Project Manager, Araceli Nava as
Account Manager, both of whom will serve as the main points of contact for the District. Acorn finds value in developing
a project team that is headed by two persons, the Project Manager acting as the technical lead and the Account Manager
acting as the business lead. This strategic approach allows the technical team to perform the assessment, and the business
leadership team is intimately involved in the development of the overall IT strategy. Matthew and Araceli will ensure that
the work Acorn does is in alignment with the District’s needs and expectations throughout the onboarding,
documentation, and transition to helpdesk support. Matthew has managed an assortment of projects in both the private
and public sector, with recent experience in project management for a variety of municipal organizations. Any resources
assigned to the project during the onboarding process will report to Matthew. Throughout the onboarding, the project
team will be available to meet with department heads and District leaders to gather the necessary information required
to perform the scope of this RFP.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 2 of 45
Matthew Fuller is part of Acorn’s project management team and has experience in leading both large and small projects
for municipalities, for-profit, and nonprofit organizations. His experience with public municipalities involves leading groups
of technicians to assess existing technology solutions, working closely with District management to determine existing
pain-points, identifying areas of improvement, analyzing risks, and developing recommendations to address clients’ needs.
Matthew leverages Acorn’s pool of talent to create solutions to the identified problems and works with the assigned
Account Manager to ensure they are properly aligned with the District’s goals and objectives. Working with District
management and staff allows Acorn to make decisions that are focused on meeting the District’s desired technology
objectives, including but not limited to the implementation of cloud services, improved network security, enhanced mobile
computing, and GIS systems. Recent projects that Matthew has untaken include the assessment and onboarding of the
City of Calimesa, Alhambra Civic Center Library, and large scale deployments for both the City of Monrovia, Monrovia
Police Department, City of South Pasadena and South Pasadena Police Department.
Araceli Nava will act as the Account Manager for the Costa Mesa Sanitary District. Acorn finds that having a dedicated
primary point of contact that focuses on the business aspect of our services is valuable to customers. Araceli works with
leadership of municipality clients on a weekly basis, monitoring issues, projects, and long-term planning. Some of her
clients include the City of South Pasadena, Alhambra Civic Center Library, and many other for-profit and nonprofit entities.
A key aspect of Araceli’s work with clients includes working with finance departments to assist in developing annual
technology budgets for 3rd party services, staffing, hardware replacement schedules, and software licensing. Since the
Account Manager is a part of Acorn’s business team, Araceli will also be involved in developing the IT Strategic plan,
involving financial analysis and suggestion of municipality-specific hardware and software to maximize financial efficiency.
These measures ensure that technology is utilized to increase business value and improve the IT service offering to both
District staff as well as the community. As an Account Manager, Araceli has vast knowledge of her customers, allowing her
to assist the Acorn team in providing timely and efficient support.
In addition, any future requests for change can be channeled through the Account Manager who will guide the request
through Acorn’s process to ensure the client’s needs are being addressed in a timely manner and fit the scope of the
project parameters. Should a non-technical “customer service” issue arise, the Account Manager is there to assist.
The Account Manager assigned to the District will gather an intimate knowledge of existing infrastructure, and work with
the rest of the Acorn team to implement best practice solutions. The Account Manager will also keep in ongoing contact
with District leadership and other department heads to address needs, attend meetings, recommend software upgrades,
discuss security and disaster recovery solutions, budgetary planning, and utilize the results of the Application Portfolio
assessment to suggest municipality-specific hardware and software solutions to improve the District’s performance.
During the assessment, Matthew Fuller will support Araceli Nava and assist in Account Manager efforts for the Costa Mesa
Sanitary District. Acorn finds that having multiple dedicated points of contact are valuable to customers.
Acorn plans to have an on-site technician to support the District, for any required on-site related work. The technician will
provide day-to-day support for the District and work on projects with direction from the project manager, Matthew Fuller.
Acorn’s site technician’s have worked on a variety of public safety and municipality projects at the City of South Pasadena,
the City of Monrovia, the City of Covina, and the City of La Quinta. Our on-site technicians directly support municipalities
with over 400 end user computers and assist in new server infrastructure and server migration projects regularly.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 3 of 45
Alfred Gonzales has worked with Acorn for over 12 years on a variety of City and municipality projects at the City of South
Pasadena, City of Monrovia, City of Compton (audit and assessment capacity), and City of Calimesa as the Network and
Systems Engineer to assist with the onboarding, IT assessment, recommendations, and IT roadmapping. Alfred has
successfully completed similar onboarding projects for the City of Monrovia and the City of Calimesa. Alfred will serve as
the lead technician for the onboarding, assessment, and initial recommendations for the Costa Mesa Sanitary District.
While the on-site technicians are important to the execution of the scope of work set forth in this proposal, equally
important are the key personnel who will provide the District with 24/7 live Helpdesk support and real-time constant
monitoring services. Our remote helpdesk, headed by our Director of Technology, James Walter and our Director of
Operations, Daniel Gutierrez, is a dedicated technical team that has experience on a wide range and scale of Information
Technology Service implementations, ranging from customers with just a couple of users to customers with hundreds of
users at over two hundred different locations around the United States, Canada, and Germany. A simple call to our
helpdesk will result in a live person answering the call, getting information about the issue, and routing the call directly to
a technician who can immediately assist the user. They also monitor incoming helpdesk email requests and the monitoring
tools installed at customers’ locations so that a fast and reliable response can be executed during a technical emergency.
Finally, Acorn Technology Services’ CEO, Mickey McGuire, makes himself available to meet with customer executives for
strategic planning efforts or simply to discuss how different technologies can be used as tools to meet strategic
initiatives. Additionally, his experience allows him to assist in contract negotiations with 3rd party vendors to ensure that
the District is getting the types of services they require at competitive rates.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 4 of 45
KEY STAFF MEMBERS CONTACT INFORMATION
MICKEY MCGUIRE | CHIEF EXECUTIVE OFFICER
mmcguire@acorntechservices.com
(951)784-3500
MATTHEW FULLER | PROJECT MANAGER
mfuller@acorntechservices.com
(951)784-3500
ARACELI NAVA| ACCOUNT MANAGER
anava@acorntechservices.com
(951)784-3500
DANIEL GUTIERREZ | DIRECTOR OF OPERATIONS
jwalter@acorntechservices.com
(951)784-3500
JAMES WALTER | DIRECTOR OF TECHNOLOGY
jwalter@acorntechservices.com
(951)784-3500
ALFRED GONZALES| NETWORK AND SYSTEMS ENGINEER
agonzales@acorntechservices.com
(951)784-3500
RYAN WAMBOLT | SENIOR PROJECT MANAGER
rwambolt@acorntechservices.com
(951)784-3500
LYLE JONES| SENIOR NETWORK AND SYSTEMS ENGINEER
ljones@acorntechservices.com
(951)784-3500
DAVID MCKISSIC| DIRECTOR OF SECURITY SERVICES
dmckissic@acorntechservices.com
(951)784-3500
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 5 of 45
ORGANIZATION CHART
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 6 of 45
3)REFERENCES & LIST OF ENGAGEMENTS
Acorn Technology Services provides its services to a wide variety of organizations, municipalities, and various government
agencies, both large and small. Currently, Acorn has contracted relationships for the delivery of Managed IT Services
support with over 60+ customers, with about 20% of them being government or quasi-government related, including
various municipalities.
Moreover, Acorn has a large portfolio of municipal customers in varying sizes, each with their own specific needs, projects,
and strategy that Acorn has helped strengthen; this should build confidence in Acorn’s capabilities and expertise to
execute on the assertions made throughout the entirety of our proposal. We encourage the Costa Mesa Sanitary District
to reach out to the references noted within the proposal, as we are confident the District will receive glowing references
about Acorn and its team of highly skilled individuals. Feedback from our clients will add credibility to what we have
described within the proposal about our Project Team members, the relevant experiences we have had that are similar to
the Costa Mesa Sanitary District, and our capability to handle the workload that would come by adding the Costa Mesa
Sanitary District as one of our clients. If the District would like additional references, just ask and we would be happy to
provide additional satisfied customers to discuss how Acorn has become a strategic IT partner for their organization!
Additionally, please see in Appendix A some letters for recommendation from other municipality customers for reference.
SIMILAR EXPERIENCE
The following projects are a few highlights while working with some of our local municipal clients in addition to our ongoing
on-site and remote helpdesk support:
1.CITY OF MONROVIA
Contact: Lauren Vasquez, Assistant City Manager (626) 932-5506
Type of Projects: Assessment, Strategic Planning, and Support lvasquez@ci.monrovia.ca.us
Date Performed: 2016 - Current
Project Scope: Acorn won a competitive bid project to perform an assessment and provide managed IT support
services to the City of Monrovia. Since the City had very little documentation and understanding of their IT systems
and infrastructure, Acorn’s initial assignment was to perform a complete assessment to catalogue and evaluate
the City’s existing systems. Acorn created and implemented a technology roadmap to replace outdated systems,
hardware (including switches, firewalls, and cabling) with more modern and secure infrastructure. Additionally,
the City’s more than 50 physical servers were virtualized and consolidated down to 10 physical servers with
enhanced security provisions, change management, patch management, image based backup systems, remote
monitoring all done with greater redundancy, resiliency, and security in mind. This project was performed over
the course of three months, was completed 100% by Acorn and was within budget. The schedule was extended
(with City agreement) by approximately 6 weeks due to unforeseen challenges in getting access to the necessary
systems and information.
2.CITY OF COVINA
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 7 of 45
Contact: Angel Carrillo, Assistant to the City Manager (626) 384-5600
Type of Project: IT Assessment & Support Services acarrillo@covinaca.gov
Date Performed: 2017 - Current
Project Scope: The City of Covina including the Police Department was looking for cost savings and better IT
support coverage than their previous outsourced provider. After a competitive bid process, Acorn was selected
to provide general IT administration services including but not limited to: 24/7/365 remote helpdesk support,
network administration, server administration, as well as a full-time on-site IT Specialist. This project started off
with a general IT assessment during which time documentation was gathered into a single living document and
provided to the in-house IT manager and management staff; interviews were conducted with department liaisons
to get a better understanding of each departments’ needs, as well as on-going and future IT related projects. The
on-going service is performed 100% by Acorn in tandem with an in-house IT manager.
3.CITY OF SOUTH PASADENA
Contact: Lucy Demirjian, Assistant to the City Manager (626) 403-7231
Type of Projects: Assessment, Strategic Planning, and Support ldemirjian@southpasadenaca.gov
Date Performed: 2015 - Current
Project Scope: Acorn won a competitive bid project to perform an assessment and provide managed IT support
services to the City of South Pasadena and Police Department. Since the City had very little documentation and
understanding of their IT systems and infrastructure, Acorn’s initial assignment was to perform a complete
assessment to catalogue and evaluate the City’s existing systems. Acorn created and implemented a technology
roadmap to replace outdated systems, hardware. Acorn outlined recommendations for the virtualization of the
City’s servers, moving from more than a dozen physical servers to three physical servers and a SAN environment,
a new image-based backup system, and upgraded computer workstations. As part of this overhaul, new policies
were implemented for change management, patch management, remote monitoring, as well as a rolling 5-year
replacement schedule of workstations. Acorn also provides ongoing IT future planning, budgeting, and
documentation. The project was executed on budget, and Acorn surpassed their scheduling commitments by
completing work in eleven months.
4.CITY OF LA QUINTA
Contact: Gilbert Villalpando, Assistant to City Manager (760) 777-7094
Type of Projects: Assessment, Strategic Planning, and Support gvillalpando@laquintaca.gov
Date Performed: 2019 - Current
Project Scope: Acorn won a competitive bid project to provide managed IT support services to the City of La
Quinta. Since the City had very little documentation and understanding of their IT systems and infrastructure,
Acorn’s initial assignment was to perform a complete assessment to catalogue and evaluate the City’s existing
systems. Acorn created and implemented a technology roadmap to replace outdated systems, hardware
(including servers, firewalls, and computers) with more modern and secure infrastructure. Additionally, the City’s
more than 10 physical servers were virtualized and consolidated down to 3 physical servers with enhanced
security provisions, change management, patch management, image-based backup systems, remote monitoring
all done with greater redundancy, resiliency, and security in mind.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 8 of 45
5.CITY OF MONROVIA - POLICE DEPARTMENT
Contact: Alan Sanvictores, Police Chief (626) 256-8056
Type of Project: Assessment, Strategic Planning, Implementation and Support asanvictores@monroviapd.org
Date Performed: 2019 - Current
Project Scope: The Monrovia Police Department wanted an outside party to analyze the current status of their
network and computer systems and receive a comprehensive report detailing vulnerabilities as well as a series of
recommendations to improve and advance the current environment. As part of the project, security specialists
from Acorn analyzed the current Active Directory, hardware configurations, backup solutions, and computer
policies to provide a comprehensive report detailing all known vulnerabilities, as well as a remediation plan to
address the issues detected. This one-off project resulted in Acorn winning a contract to extend remote support
services to the Monrovia Police Department and implement many of the recommendations that came from the
Security Assessment. This project was performed 100% by Acorn over the course of three months and was within
budget. The original schedule was extended to accommodate Police staff availability.
6.CITY OF HUNTINGTON BEACH
Contact: Oliver Chi, City Manager (310) 663-9837
Type of Projects: Assessment and Strategic Planning oliver.chi@surfcity-hb.org
Type of Organization: Government Municipality
Date Performed: 2020
Project Scope: Acorn Technology conducted a general organizational assessment of the IS Department for the
City of Huntington Beach. To perform the assessment, Acorn reviewed and evaluated the IS Department’s
organizational structure, personnel review, infrastructure, management and IT governance. This included but
was not limited to: the organizational structure, staffing and resource allocation, processes, service delivery
model, associated metrics for performance and budget. To accomplish this, Acorn submitted a set of request for
information (RFI) documents to the City to assist in gathering the necessary data to better understand existing
workflow, IS staff roles and responsibilities, internal demand for services (helpdesk, systems administration,
infrastructure support, applications, etc.), and departmental support needs. In addition, Acorn submitted survey
questions for the City to distribute to Department heads and end users to help understand the level of
satisfaction with IS services across the city. Lastly, Acorn supplemented the information referenced above with
in-person interviews and followed up with remote staff interviews.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 9 of 45
The following are a few highlights while working with some of our private sector clients in addition to our ongoing on-site
and remote helpdesk support:
1.ANNENBERG FOUNDATION TRUST AT SUNNYLANDS
Contact: John Finkler, Operations Manager (760) 202-2275
Type of Organization: Non-profit Foundation jfinkler@sunnylands.org
Type of Project: IT Assessment & Support Services
Project: Presidential Retreat
Date Performed: 2016 - Current
Project Scope: The Sunnylands Estate occasionally hosts the President of the United States and other foreign
dignitaries. During such times, Acorn works with agencies like the Office of the President, White House
Communications and the Secret Service to ensure that the required systems and network security is in place during
the retreat. After getting a list of the requirements, Acorn assesses the current technology, infrastructure,
and physical security to ensure all needs are met. On-site technicians are provided by Acorn as requested
before, during and after the event takes place. The service is performed 100% by Acorn.
2.SMARTSTOP ASSET MANAGEMENT
Contact: Bryan Bowers, IT Director (949) 429-4454
Type of Organization: Publicly-Traded Corporation bbowers@smartstop.com
Type of Project: IT Assessment & Support Services
Date Performed: 2009 - Current
Project Scope: Acorn was asked to assess the customer’s technology readiness for its significant anticipated
growth through acquisition. In doing so, Acorn evaluated the customer’s applications, infrastructure, and
technology roadmap which facilitated Acorn recommendations. Acorn was also responsible for the
implementation and support of the current robust technology service offering that includes but is not limited to:
network & server administration, design, and scale out to meet changing business needs, full service remote
helpdesk and NOC capable of monitoring all systems and services 24x7x365, supporting more than 130 networks
across the United States and Canada, multiple disaster recovery solutions including full hot site replication in an
alternate geographic location, multiple threat detection systems in place to prevent compromise, data loss, and
exploitation from outside threats and simulated phishing attacks and cybersecurity training for all staff on a
regular basis.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 10 of 45
LIST OF SIMILAR SERVICES
Below is a list of government, quasi-government, special districts, and other agencies Acorn currently supports that are
public information. Upon further request, Acorn can provide a more comprehensive list of its private/confidential
clients, if allowed by the client.
Alhambra Civic Center Library
Alpine Water Users Association
Beaumont Cherry Valley
Recreation & Park District
Boys and Girls Club of
Palm Springs
Boys and Girls Club of Redlands
City of Calimesa
City of Covina
Hesperia Recreation and Park
District
Inland Empire Women's Business
Center (Riverside & Coachella)
LAQ (City of La Quinta)
City of Monrovia
City of Monrovia Police
Department
Riverside Community College
Moreno Valley Campus
Rubidoux Community Services
District
City of South Pasadena
SmartStop Asset Management
SmartStop Property Management
The Annenberg Foundation Trust
at Sunnylands
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 11 of 45
LIST OF REFERENCES
City of Monrovia
Lauren Vasquez
Assistant City Manager
626-932-5506
lvasquez@ci.monrovia.ca.us
City of South Pasadena
Lucy Demirjian
Assistant to the City Manager
626-403-7231
ldemirjian@southpasadenaca.gov
City of La Quinta
Gil Villalpando
Assistant to the City Manager
760-777-7094
gvillalpando@laquintaca.gov
City of Covina
Angel Carrillo
Assistant to the City Manager
(626)384-5415
acarrillo@covinaca.gov
Alhambra Civic Center Library
Antoinette Morales-Tanner
Library Services Manager
626-570-5079 ext. 5616
antoinettem@alhambralibrary.org
City of Huntington Beach
Oliver Chi
City Manager
(310)663-9837
oliver.chi@surfcity-hb.org
SmartStop Asset Management
Bryan Bowers
IT Director
949-429-6600 ext.579
bbowers@smartstop.com
The Annenberg Foundation Trust at Sunnylands
John Finkler
Deputy Director
760-202-2275
jfinkler@sunnylands.org
While not requested, and while previously written for Acorn’s submission for other RFPs, Acorn has provided a list of
reference letters in Appendix A, that we thought would be helpful in determining the level of service Acorn provides its
clients.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 12 of 45
4) SECURITY
To start with, it is important to highlight that Acorn’s technical and project management teams have successfully
undergone the Department of Justice LiveScan process and have achieved Criminal Justice Information Systems (CJIS)
certification to better support its clients and their security needs. Acorn’s CEO, Director of Technology, Director of
Security Services and Senior Systems Administrators have all been heavily familiarized with the CJIS policy documents,
NIST (National Institute for Security and Technology) Standards especially as it related to network security and
compliance. Acorn will evaluate the district's current systems, and policies, to ensure and/or provide recommendations
to meet any necessary compliance. These policies and recommendations are most often hand in hand with today’s best
practices.
Acorn will focus much of its efforts emphasizing security awareness training of the district’s team members, the
development of an incident response plan, the implementation of audits, logging, monitoring, detection, and analysis
tools, along with enforcing best practice recommendations such as password policy requirements, least access
privileges, and proper configuration management/change management, with internal audit procedures. It is these
measures that will improve network security and help the district stay within any needed compliance.
Acorn will work in tandem with District management to ensure the district meets or exceeds the policy requirements. It
is important to remember that it is a joint effort and it may take some time to implement compliance practices, if the
District is not already compliant.
Isolating critical assets: Acorn understands that critical assets such as email, PII related data, and other sensitive data
sources, are the most important to monitor and isolate utilizing the least access privilege concepts. Once Acorn has a
better understanding of the needs and what tools and infrastructure are in place, it will make recommendations, if
needed, to segment certain parts of the network, and to isolate those critical assets. This would most likely be
performed by the use of VLANs and ACLs (Access Control Lists), that would be controlled through the firewall/router and
switching infrastructure.
Data loss prevention/security tools: Additionally, the use of monitoring tools like EDR (endpoint detection and response
tools),and monitoring tools, used for SIEM solution(s), along with data loss prevention solutions, are extremely valuable
to monitoring network activity, and to alert when specific actions needs to be taken and/or additional controls may need
to be put into place. These tools also allow the district to have the necessary centralized logging of network activity to
maintain compliance with the district’s adopted policies and procedures. Where possible, Acorn will recommend the
implementation of DMZs for any public facing systems, such as e-mail and web servers.
Content Filtering: Acorn will also work with the client to help develop or understand their existing web browsing and
content filtering requirements. As needed, Acorn can implement those requirements through a combination of firewall
based content filtering along with endpoint software that controls, or further limits, specified web browsing activity. All
of this would be done in conjunction with the district’s current policies and procedures, and with specific direction from
department decision makers.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 13 of 45
Email: With regard to email, Acorn would recommend limiting and securing access as much as possible, where possible
the implementation of MFA (Multi-Factor Authentication) and VPN (Virtual Private Networks), should be used,
additionally to the degree possible, Active Sync, OWA (Outlook Web Access), should be limited on a per user basis or
through MFA and/or VPN access.
For the remote access to email, and databases, specially those systems that access sensitive or PII related data, Acorn
recommends and prefers to implement security measures such as MFA using a fob such as YubiKey and VPNs such as
NetMotion. This is common practice in the law enforcement agencies Acorn supports and is inline with CJIS and NIST
policies.
To ensure the security of the endpoint devices that are remotely accessing the data, Acorn highly recommends the
encryption of the mobile devices, and laptops using BitLocker.
Smartphone and tablet devices are better secured using mobile device management solutions to better protect the
integrity of the data and control access to the data. Acorn is familiar with many Mobile Device Management (MDM)
solutions, including but not limited to: Hexnode, Microsoft’s Intune, Cisco's Meraki MDM, and AirWatch. Acorn supports
the mobile device needs for the majority of its customers, including setting up new devices, adding user account info,
such as email and work related applications across many mobile OS platforms (iPad, iPhone, Android, Surface, and other
tablet and toughbook solutions).
Acorn will evaluate the systems that are currently in place, provide ongoing support of those systems that meet required
security compliance and make recommendations for improvements where better or more cost effective solutions may
be available.
Penetration Tests: Acorn Technology highly recommends third-party penetrations tests be performed to initially
develop a baseline to see what risks and vulnerabilities may already exist, and then remediation efforts should be
performed. A followup penetration test should be performed immediately thereafter to ensure all discovered
vulnerabilities have been successfully remediated. This should be the process no less than once per year. While Acorn
Technology is able to and has performed numerous penetration tests, risk assessments, and vulnerability assessments,
these assessments are not included within this proposal and can be performed under a separate engagement or
modification to the Scope of Services.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 14 of 45
5) CLIENT RELATIONSHIP MANAGEMENT
The relationship with the Project Manager and Account Manager is initially described in Section 2. However, additional
information about how Acorn maintains quality, communicative, client relationships can be found below in this section.
DESCRIBE HOW THE FIRM DETERMINES CLIENT NEEDS. WHAT SPECIFIC PROCESSES ARE FOLLOWED TO RESOLVE CLIENT REQUESTS?
Regular Meetings: As mentioned previously, Acorn recommends meeting with District decision makers regularly to
better understand the District’s evolving needs as well as discuss ongoing projects, maintain timelines and deliverables
as well as receive feedback on the services that Acorn is providing to the District’s end users. At least initially these
meetings may be weekly discussions but can become monthly as the District and Acorn develop an ongoing rapport.
These meetings provide Acorn with an understanding of the District’s strategic plan as it relates to the use of technology
so that solutions designed by Acorn can be developed with the understanding of the District’s future objectives and
growth expectations.
During the assessment, the Account/Project Manager will meet with the departments and designated staff to begin
understanding ongoing and anticipated projects the District hopes to undertake. This will allow Acorn to develop a
technology roadmap to replace any outdated systems, servers, workstations, hardware (including switches, firewalls,
and cabling) with more modern and secure infrastructure. This includes establishing an ongoing replacement schedule
to ease the budgeting and planning process.
Additionally, day-to-day needs for support come up on a regular basis. Users are not only empowered to reach out to
Acorn directly for support, but they are encouraged to do so. Users can communicate their needs to us via email or
telephone, whichever their preference. Telephone support requests are handled real-time. More information is
available in section 6 of this proposal.
Support requests that come to Acorn via phone or email generate tickets to track the requests, who is assigned to them,
what work is performed, how long it took to resolve, and how much time was spent on the ticket. Completed and
uncompleted tickets are reviewed daily by Acorn’s Helpdesk Manager, Account Managers and Project Managers to
ensure tickets are being handled timely and resolutions are made to resolve client requests. The Helpdesk Manager and
the Operations Manager receive helpdesk reports that allow them to more easily monitor outlying issues and tickets
that are exceeding the normally expected time to resolution.
DESCRIBE HOW THE FIRM COMMUNICATES ANY CHANGES TO SYSTEM CONDITIONS TO CLIENTS AND USERS
Communication of System Changes: Planned changes to the system which impact conditions, are typically communicated
by the Account Manager or Project Manager through the District’s main point of contact. If desired, notices can be made
to all users through email and/or calendar invites to make everyone aware of planned changes. Maintenance notices are
usually submitted to all appropriate personnel. In the event of an unplanned system change or outage, Acorn’s 24/7/365
monitoring system will alert the Acorn team who will then reach out to the appropriate individuals within the Distract to
communicate the outage and next steps/best course of action. These communications typically take place via phone
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 15 of 45
and/or email. Additionally, should the District desire, Acorn can set up email notifications for certain ticket types to help
keep District staff up to speed on ticket progress.
DESCRIBE HOW MULTIPLE PROJECTS AND REQUESTS ARE PRIORITIZED IF RECEIVED AT THE SAME TIME.
Multiple Projects: Acorn strives to provide the fastest response time to its customers. This means that when a customer
calls in they are not greeted by an automated phone menu but rather live representatives located in the Riverside office.
Acorn’s teams of technicians will quickly troubleshoot in real-time by logging into the computer via our remote
management tools. This is a service feature preferred by most of Acorn’s clients as it provides a cost effective alternative
to on-site technicians, and the ability to address multiple service requests simultaneously throughout the day. Acorn’s
depth and breadth of technical talent allow it to meet the needs for general support requests simultaneously.
Similarly, Acorn has multiple project managers, and project technicians to be able to perform/implement multiple projects
at the same time. Obviously, Acorn will prioritize based upon the District's determination of critical needs, but it is able to
apply multiple sets of resources to meet the District’s project needs as needed.
Flexible Resources: Acorn Technology Services’ objective will be to provide expert and prompt support during regular
business hours with after-hours staff readily available to provide service during off hours. Technicians will work on
projects, maintain inventories, follow current best practices, and keep users informed with open lines of communication
regarding projects and open trouble tickets. The District’s IT infrastructure needs regular maintenance to ensure the
least amount of service-loss possible, with monitoring, regularly scheduled updates, and dependable backups employed
to allow the District to reliably provide their services internally and to the public. Higher tier technicians will be available
to maintain and troubleshoot network devices, so that Acorn may successfully support the District's network backbone
and security, bringing in additional resources as needed in the face of an outage, security breach, disaster, or for project
implementations.
DESCRIBE THE FIRM'S EXPERIENCE WITH END USER TRAINING, SPECIFICALLY AS IT RELATES TO USE OF TECHNOLOGY AND SECURITY TRAININGS.
Training: Upon initial set up and as required for new users, Acorn will provide basic training on the proper use of the
system and support procedures.
Onboarding: Acorn is prepared to meet with District staff to discuss the methodology and approach to implementing IT
Support Services for the Costa Mesa Sanitary District. During the previously mentioned assessment and documentation
phase in the Methodology Section, Acorn will begin implementing end user training on how to contact our helpdesk and
receive 24/7 support.
Security Training: Cyber security awareness training involves teaching and enlightening users and employees of the risks
and threats around the ever evolving and changing cyber world. Including potential risks of exchanging data whether
digitally or verbally with untrustworthy sources. Training also enables employees to be fully aware of the consequences
of failing to protect their organization from outside attackers. While Acorn provides on-site and/or remote Cyber
Security training, Acorn highly encourages the implementation of a thorough third-party training and testing program
(like KnowBe4) that specializes in end-user cyber security awareness training.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 16 of 45
DOES THE FIRM FOLLOW A CHANGE MANAGEMENT PROCESS? PLEASE EXPLAIN THE PROCESS FOLLOWED TO HELP CLIENTS PREPARE FOR, ADOPT,
AND SUSTAIN THE USE OF NEW TECHNOLOGY.
Change Management: Acorn does follow a change management process. Below is the framework for change
management for the implementation of new technology.
1 – Developing Business Case Justification
For all change categories, the Change Coordinator must develop a Business Case Justification, including the requirements
of the change that will be attached to the RFC for consideration in the analysis portion of the process. The business case
information is documented in the “Change Description” field within the company’s selected technology platform. The
following questions are relevant information that should be addressed during development of the business justification:
● The requirements and detailed description of the change.
● Describe the impact the change will make on the business unit’s operation.
● Describe the effect the change may have upon the end user, business operation, and infrastructure, if known.
● Describe the impact on other services that run on the same infrastructure (or on software development projects).
● Describe the effect of not implementing the change.
● Estimate the IT, business and other resources required to implement the change, covering the likely costs, the
number and availability of people required, the elapsed time, and any new infrastructure elements required.
● Estimate any additional ongoing resources required if the change is implemented.
2 – Technical Impact Analysis
This section describes the criteria a technical reviewer must consider when evaluating the technical impact of a change.
The technical impact and risk analysis is documented within the company’s selected technology platform module’s
“Impact” fields. After the Change Coordinator reviews, categorizes, and prioritizes the RFC, they will assign a resource
depending on the type of change and complexity, to perform a technical analysis of the change. This process is intended
to evaluate and validate the technical feasibility, risk and effect a change will have on the production environment and
end user productivity. The Technical Approver should consider the following criteria while reviewing any change:
● Evaluate the change plans to gauge the impact and effect of the change during and immediately following the
change implementation.
● Review the technical completeness of the change plan, including anticipated assets changed, impact on start-up
or shut down of systems, impact on disaster recovery plans, back-up requirements, storage requirements, and
operating system requirements.
● Evaluate the technical feasibility of the change and the whole impact of the change in terms of: Performance,
Capacity, Security and Operability.
● Validate technical aspects, feasibility, and plan.
After the technical impact assessment is complete, the reviewer must assign a technical impact level to the change.
3 – Business Risk and Impact Analysis
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 17 of 45
This section details the potential infrastructure and business risks and impacts associated with a change, and the criteria
necessary to assign a risk level to a change. The Change Coordinator works with the business units strongly associated or
impacted by the proposed change to conduct a business risk and impact analysis. The business risk and impact analysis
are completed when a new change record is created. The business risk and impact process evaluate the impact of the
change as it relates to the ability of the company to conduct business. The key objective is to confirm that the change is
consistent with current business objectives. The following points should be considered while performing the business risk
and impact assessment:
● Evaluate business risk/impact of both doing and not doing the change.
● Analyze timing of the change to resolve any conflicts and minimize impact.
● Ensure all affected parties are aware of the change and understand its impact.
● Determine if the implementation of the change conflicts with the business cycle.
● Ensure current business requirements and objectives are met.
When the Change Coordinator analyzes the change, they have the responsibility of initially assigning a risk level for all
categories:
● IT Resource Impact
● Implementation Complexity
● Duration of Change
● Security
● Service Level Impact
4 – Developing the Back-Out plan
Development of the back-out plan is essential to ensuring effective recovery in the event of a failed change. The back-out
plan is primarily based on the technical impact analysis and the implementation plan.
5 – IT Business Unit Manager Review and Approval
Following the submission of the new RFC, it will be screened by the IT business unit manager who determines whether to
authorize or deny the change based on the information in the new change record. This screening process includes a reality
check to ensure that the RFC is appropriate, and to ensure the request is complete. The manager can elect to approve,
deny, or request additional information from the change initiator. The Change Initiator is notified of the progress of their
request at all stages.
6 – Testing Phase
All change categories will undergo some level of testing depending on the complexity of the change. Once the change is
built, configured, and integrated in the development environment, the change is moved to the Test/QA environment. This
phase focuses on conducting testing and quality assurance to ensure reliability and performance of all components of the
organization’s technology infrastructure. The Change Coordinator will oversee the testing function, develop the test plan,
and report its findings back to the CAB for voting on whether to advance the change to the next step.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 18 of 45
7 – Conducting the Peer Approval
Peer approvals are the last step of the Change Development Phase. Peer approvals are optional for all changes completed
by a customer IT business unit. This step ensures that all the technical components and notifications have been completed
as required by the Change Advisory Board. This approval can be completed by anyone approved by the IT business unit
manager and identified as a Peer Approver in the company’s selected technology platform. Peer approvals are completed
using a checklist which is attached to the change record.
8 – Change Approval Phase
After a minor, major, or significant change has been correctly prioritized, categorized, and analyzed by the Change
Coordinator and been through the Peer Review process, the change must be authorized for implementation.
Acorn utilizes Change Management in the form of Change Request Forms that allow the District to select one or more
points of contact to be authorized to approve Change Orders or user requests outside of standard desktop support. These
can include installation of new applications or access permissions, often requiring approval.
HOW DOES THE FIRM DETERMINE CUSTOMER SERVICE SATISFACTION?
Acorn believes the best determination of customer satisfaction is through regular communications between the Account
Manager and the client, and by simply asking the client how we are performing to see if we are meeting their needs, and
if we are doing so timely. In our opinion, there is no substitute for this direct communication and feedback. With that
said, we often use other metrics to help quantify this determination, such as time spent per ticket, time to resolution,
number of tickets per device, etc. Lastly, when clients are willing to provide glowing references, such as those attached
to this proposal, that is one of the best determinations of customer satisfaction. Just ask our existing clients.
DOES THE FIRM PRODUCE HELP DESK REPORTS? IF SO, ARE THESE REPORTS PROVIDED TO THE CLIENT AND HOW OFTEN ARE THEY PRODUCED
FOR REVIEW?
The ability for Acorn to provide status updates, reports, and timekeeping starts with the use of its Ticketing System. This
critical function and tool allows Acorn to deliver the requested reports and granular detail on its invoices to the District.
Ticketing System: Incoming calls and e-mails become tickets – a trackable electronic paper trail that logs the problem,
the steps necessary to reach resolution, and the time spent on the ticket. Once a ticket is created, our team of
technicians will work with the user to determine the issue and fix the problem. If the issue requires further diagnosis, it
will get escalated to a higher level technician or to on-site support as necessary. Reports can be generated based on
tickets, to help discover trends and issues routinely addressed, and can be used to more proactively address client
concerns.
Reporting Overview: Acorn can offer the District a variety of reporting related to Acorn’s performance and workload.
Acorn can provide regular reports as requested by the District to illustrate Acorn’s workload as it relates to support
requests, monitoring alerts, maintenance activities and internally generated tickets. Depending on the requested set of
information, Acorn can provide data such as ticket quantities, dates, time, time spent, issue type, etc. Additionally,
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 19 of 45
progressive reports can be provided at regular intervals to help keep the District informed about the status of projects,
time spent, and next steps to better assist in project management.
Ticket Generation & Tracking: Acorn Technology utilizes Autotask as its primary Helpdesk ticket management system. It
consists of queues for Helpdesk, lab, and site where tickets are created and queued from the following sources:
· Incoming support call
· Email sent to Helpdesk@acorntechservices.com
· Monitoring (Internal monitoring system)
· Internal request
All generated tickets are initially maintained and tracked in the Helpdesk queue. The Helpdesk Manager’s responsibility is
to monitor the queue and assign resources as necessary to ensure work is handled accurately and timely. Additionally,
technicians are instructed to go into the queue as they complete tickets to work on the next ticket within the queue.
Call Handling: An incoming support call is answered and logged into Acorn’s comprehensive ticketing system, by one of
the onsite technicians. The technician will then work to resolve the caller’s issue. If the District desires, Acorn can
implement a policy whereby if the onsite technician is unavailable, the call can be routed to Acorn’s 24/7/365 Helpdesk
where an experienced technician can remotely address the user’s needs.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 20 of 45
6) DESCRIPTION OF SERVICES
Acorn Technology Services’ objective will be to provide expert and prompt support during the District’s regular business
hours with after-hours staff readily available to provide service during off hours. Technicians will work on projects,
address support requests, maintain inventories, follow current best practices, and keep users informed with open lines
of communication regarding projects and open trouble tickets. The District’s computer infrastructure needs regular
maintenance to ensure the least amount of service-loss possible, with monitoring, regularly scheduled updates, and
dependable backups employed to allow the District to reliably provide their services internally and to the public. Higher
tier technicians will be available to maintain and troubleshoot network devices, so that Acorn may successfully support
the District’s network backbone and security, bringing in additional resources as needed in the face of an outage,
security breach, disaster, or for project implementations.
Below, we have provided a description of our services, inline with the Scope of Services defined within the RFP.
We have provided significant content that elaborates greatly on the description of our IT management and support
services. Below this section, we have addressed each subsequent bullet point within the RFP under “Description of
Services”.
INITIAL ASSESSMENT
At the start of the District’s contract, Acorn will bring in additional resources to conduct an IT assessment to inventory and
review all the system architecture and current processes depending on the amount of information available from the
current IT team and the complexity of the environment. From this, Acorn will create a working catalog of all IT assets,
process documentation, and critical support information. This document will become a referential source for the customer
and the IT support staff as it will contain significant and extremely useful knowledge associated with the customer’s
existing system and operation. Information in this catalogue will include but not be limited to:
1. Inventory of the Workstations with the following data: Make/Model, Operating System, Processor,
RAM, HDD total/used, recommended replacement schedule, location, and assigned user
2. Inventory of the Servers (physical and virtual): Make/Model, Operating System, Processor, RAM,
physical or virtual, primary function, recommended replacement schedule, and other
recommendations
3. Inventory of Network Printers/Scanners/Copiers
4. Inventory of Network Equipment: Switches, WAPs, Router(s), Modem(s), UPSs, Storage Device(s), etc.
5. Inventory of Phone System
6. ISP and Connectivity Information
7. Listing of Critical Applications, licensing, requirements, vendor support, main users, etc.
8. Remote Access Documentation: VPN, RDS, etc.
9. Evaluation of Backup System and Disaster Recovery capabilities
10. Evaluation of basic physical and network security
11. Evaluation of Anti-Virus, SPAM and Malware solutions
12. Network Diagram
13. Basic Floorplan with device and system locations
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 21 of 45
During this time, the Account/Project Manager will meet with the departments and designated staff to begin
understanding ongoing and anticipated projects the District hopes to undertake. This will allow Acorn to develop a
technology roadmap to replace any outdated systems, servers, workstations, hardware (including switches, firewalls, and
cabling) with more modern and secure infrastructure. This includes establishing an ongoing replacement schedule to ease
the budgeting and planning process. Additionally, on-site and remote support technicians will begin assisting users during
the assessment period.
During the Project Initiation and introduction, Acorn will want to tour the District, allowing for meet and greet
opportunities for the District staff and the Acorn project team to get to know each other. Acorn hopes to achieve a
smooth transition and receive any existing documentation and access from the current provider. This will be extremely
valuable to getting systems in place on the foundational level to be able to provide support as quickly as possible as well
as limiting any downtime between IT providers.
Acorn has experience formulating the teams needed to quickly and accurately perform the assessment and onboarding
process. This will include the assessment of the District’s system inventory and review of the system architecture as well
as current processes. This will allow Acorn to review and document systems, and deploy our documentation and remote
access tool. Acorn will do so by bringing forth a team that will include a Project Manager, Account Manager, Lead Senior
Technician and Onsite Technician to facilitate the initial onboarding and assessment process. During and after the
onboarding, Acorn will provide ongoing support but also support the District in the constant need to improve,
implement best practices, maintiman security measures and keep current hardware and software configurations up to
date. While this is a very brief explanation, the rest of the proposal sections will get into the specifics on how Acorn will
achieve this.
Acorn will request any and all current documentation from their incumbent provider and will need the District to assist
in facilitating that handoff. This includes confirming administrative credentials as well as additional follow questions. In
our experience, the assessment not only allows for the collection and documentation of critical information and
services, but it also serves as an excellent transition with the existing IT support staff allowing a smooth hand-off and
transition to Acorn’s support team.
In our experience, the assessment not only allows for the collection and documentation of critical information and
services, but it also serves as an excellent transition with the existing IT support staff allowing a smooth hand-off and
transition to Acorn’s support team.
Once the inventory of the Costa Mesa Sanitary District’s computer and network technologies are complete, our team
will review and evaluate the assets, discover any shortages or surpluses, determine where we can add value towards an
area of need, and provide any recommendations as necessary to enhance support, security, or streamlining of
operations.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 22 of 45
DESCRIBE THE IT MANAGEMENT AND SUPPORT SERVICES OFFERED BY THE FIRM. ARE THERE VARYING SERVICE LEVELS? IF SO, PLEASE OUTLINE
THEM AND IDENTIFY THE SERVICE LEVEL RECOMMENDED TO MEET THE NEEDS OUTLINED IN THIS RFP.
Acorn provides the same high level of service to all its clients. Acorn does not regularly provide varying service levels as it
is important to Acorn that clients receive the highest level of technical and customer service, regardless of time of day,
or client type. Acorn believes in an all inclusive approach, without many a la carte or excluded items.
Remote Helpdesk Support: A team of technicians are available 24/7/365 to provide timely, professional, and effective
remote technical support for the District staff. Acorn is often the single point of contact for all features of IT support
including daily desktop support, servers, on-premise/hosted phone systems, wireless networks, cloud services, network
security, monitoring of critical systems, as well as server administration responsibilities such as system
add/remove/changes, etc.
Acorn strives to provide the fastest response time to its customers. This means that when a customer calls in they are not
greeted by an automated phone menu but rather live representatives located in the Riverside office. Acorn’s teams of
technicians will quickly troubleshoot in real-time by logging into the computer via our remote management tools. This is
a service feature preferred by most of Acorn’s clients as it provides a cost effective alternative to on-site technicians, and
the ability to address multiple service requests simultaneously throughout the day.
The following are examples of how a ticket can be opened with the Acorn helpdesk:
1.A user dials Acorn’s helpdesk phone number;
2.A receptionist answers the call, asking for the user’s name;
3.The user provides necessary information to receptionist;
4.The receptionist passes the relevant information to a technician;
5.The technician takes the call, creates the ticket and assists the user remotely, or may contact an on-site
technician should remote hands be required.
OR:
1.A user e-mails Acorn’s helpdesk e-mail account, explaining their issue;
2.A ticket is generated with a response being sent to the user letting them know their ticket number;
3.A technician will address the ticket and assists the user remotely, or may contact an on-site technician
should on-site assistance be required
OR:
1.A user makes contact with the on-site technician and explains their issue;
2.The technician creates a ticket and informs the user of the ticket number;
3.The technician assists the user, making contact with the remote helpdesk as necessary.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 23 of 45
Ticket Resolution: Helpdesk technicians are required to monitor the Helpdesk queue for all non-call generated tickets.
Our goal is to minimize downtime and restore service operation as soon as possible. Tickets are handled in FIFO order, by
priority with high priority tickets handled first. The Director of Operations may increase priorities of tickets based on
severity and user impact or to ensure SLAs are being met. Once a technician is working on an issue (call generated or not),
they are required to follow the escalation procedure. Once the issue is resolved (and the user is satisfied), time, work
performed and notes are entered into the ticket, and the ticket is closed.
On-Site Technical Support Staff: Some organizations have requirements for and warrant on-site technical support staff.
To accommodate this need, Acorn can offer both full-time and part-time dedicated on-site technician(s) as one of its
technical support options. With that said, Acorn finds that over 95% of all technical support issues can be resolved through
remote and non-intrusive access. This approach allows clients to draw on an entire team of technicians to achieve a faster
resolution time than would be possible when relying on limited on-site technicians. However, when on-site service is
required, the on-site technician is contacted or remote Acorn technicians are dispatched as required. A function of on-
site technicians is also to provide lab support. Should a workstation need to be isolated from the main network, or if
devices require configuration, the on-site technician may perform the work in the IT offices rather than at a user’s desk -
this may include but is not limited to operating system upgrades, application installation, hardware upgrades, and virus
or malware removal. In addition, Acorn may alternate the on-site technicians (with approval by the District) in an effort
to have a greater number of Acorn staff trained on the District’s systems, thus allowing Acorn to offer more redundant
trained staffing support. On-site support can begin at the start of the contract during the assessment period or after the
assessment has been performed, whichever the District prefers.
Acorn Lab Team: Acorn also maintains a staff of lab technicians that work seven days a week to perform device
configurations or troubleshoot issues with computer hardware. The lab technicians scan infected workstations,
troubleshoot hardware peripherals, install software on new devices, and perform backup imaging of systems. The remote
lab staff at Acorn can also double as site runners who can pick up and deliver hardware to customers, or augment project
teams to provide additional tier one level technical support.
Lab Process & Repair: When a PC or Server is brought into the on-site lab, before any work or diagnosis is performed,
machine(s) is fully backed up. Once the backup image is confirmed, the ticket is reviewed and diagnostics/work is
performed. If a hardware failure is diagnosed, the technician will determine if the equipment is under warranty. If the
equipment is under warranty, the technician will contact the supporting vendor to arrange repair. If the equipment is not
under warranty, the technician will contact the CSR to determine the next course of action. This may include researching
and finding a replacement piece of equipment or pulling a spare from on-site inventory. Once work is complete, the ticket
is updated with the work performed then audited by a different technician. When configuring new equipment for
deployment, a ticket and install sheet are created. The install sheet contains a list of configurations and/or software
requirements for the device. A technician checks off the items on the sheet as they are completed. When finished, notes
are entered into the ticket and the sheet is audited by another technician.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 24 of 45
General Maintenance: For all current District inventory and any subsequent computers added to the System, Acorn will
create and maintain the following systems, and perform the following activities per the following schedule:
1. Apply Windows Update Patches
Often compatibility issues arise if Customer software is negatively affected by Windows™ updates. Acorn shall evaluate
the updates and if performance is acceptable, shall roll out patches across computers and servers. Roll out should occur
within two weeks of the release of an update. Acorn will use its WSUS server or if the District prefers, use the District’s
WSUS server to manage and monitor the successful deployment of updates.
2. Maintain Antivirus Definitions and Scan
Acorn shall create and maintain a suitable anti-virus strategy, which will include installation and updates of new antivirus
definitions and a weekly scan of the entire hard drive. Cost of software, if any, is additional and shall be borne by Customer.
Antivirus software shall monitor all servers, client machines, and e-mail. Acorn will use the server-side interface of the
customer’s antivirus software along with Continuum to manage and monitor the successful deployment of antivirus
definitions and system scans.
3. Maintain Antispyware Definitions and Scan
Acorn shall create and maintain a suitable antispyware strategy, which will include installation and updates of new
antispyware definitions and a periodic scan of the entire hard drive. Cost of software, if any, is additional and shall be
borne by Customer. Anti Spyware software shall monitor all servers and computers. Acorn will use the server side interface
of the customer’s antispyware software to manage and monitor the successful deployment of updates, antivirus
definitions and system scans.
4. Maintain SPAM control
Acorn shall create and maintain a strategy for controlling unsolicited commercial e-mail (SPAM). SPAM control must
extend to both local and remote users, and must allow for rescuing messages incorrectly categorized as SPAM. Acorn will
use its Barracuda Spam filtering appliances to manage and monitor spam filtering for the customer.
5. Domain Management
Acorn Technology can provide domain management for the District’s domains which would include timely renewals and
appropriate record management to ensure proper delivery of e-mail and website access.
6. Network Maintenance and Security
District servers, computers, software, and other systems are maintained and kept up to date on a regular basis to ensure
optimal security and stability. Maintenance is typically scheduled and includes systematically applying Microsoft Windows
Updates, Antivirus Definitions and Scans, Antispyware Definitions and Scans, SPAM control, firmware updates, and other
software updates. This proactive method helps maintain function of the District’s servers with minimal unplanned service
interruptions during normal business hours.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 25 of 45
Firewall Management: Acorn will assess and recommend the implementation of certain security features at the firewall
level, such as the following: Intrusion Protection which allows for the automatic scanning and blocking of bot related
attacks on the network, often scanning for open ports to gain access to the network. Content Filtering of web traffic on
the District network to enforce acceptable use policies and block access to websites containing information or images that
are objectionable or unproductive, which also includes known virus and malware sites. Enabling Gateway Anti-Virus and
Anti-Spyware tools to automatically scans all inbound and outbound traffic for viruses, Trojans, keyloggers and other
malware in files across all ports to block them from entering the internal network and causing harm.
Additionally, due to the ever evolving cyber security threat landscape, Acorn recommends Geo-IP Filtering/Restricting
features to identify and control network traffic going to or coming from specific countries to either protect against attacks
from known or suspected origins of threat activity, or to investigate suspicious traffic originating from the network. Acorn
recommends locking down access to specific countries or locations where the internal network will need to be accessed
from.
Network Switches: Acorn will assess the existing security and administration measures in place on the physical networking
level and recommend implementing network segmentation and sticky MAC; these security features allow only approved
devices to connect to the District’s switch infrastructure. This greatly improves security, reduces and mitigates risk of
unapproved access to the District’s network and that networks are segmented properly. Ensuring that a device only has
access to the specific network resources it is approved to have access to, i.e. critical systems. This includes both physical
switch connections as well as wireless throughout the District. Acorn will review the existing wireless networks and make
recommendations as needed.
IDENTIFY THE FIRM'S HOURS OF OPERATION. IS AFTER-HOURS SUPPORT AVAILABLE? IF SO, WHAT IS INCLUDED AND HOW ARE AFTER-HOURS
SERVICES BILLED?
Acorn provides remote helpdesk support 24/7/365, this includes onsite support, as needed. Acorn does not differentiate
between normal support and after hours support. Acorn does not charge for weekends or holidays. Acorn does not
charge for internal escalations or working with vendors, when related to the scope of services. Acorn does not charge
for emergency or disaster recovery when related to the scope of services, exceptions may occur if caused by gross
negligence or requests that are outside of the scope of services.
IDENTIFY THE AVAILABILITY OF KEY STAFF DURING NORMAL BUSINESS HOURS AND AFTER HOURS.
Acorn’s remote helpdesk support is available 24/7/365, including on-site support as needed. Acorn’s on-call staff is
available 24/7/365, which includes a Systems Administrator and Account Manager, as needed for emergencies and
helpdesk escalations. Acorn’s project management staff and account management staff are regularly available M-F,
7am-6pm, with some exceptions.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 26 of 45
IDENTIFY THE FIRM'S GUARANTEED RESPONSE TIME FOR ALL REQUEST TYPES. IF IT IS DEPENDENT UPON SEVERITY AND TIME OF DAY, DESCRIBE
THE CRITERIA FOR DETERMINING THE RESPONSE TIME. PROVIDE THE FIRM'S AVERAGE RESPONSE TIME FOR AFTER-HOURS ISSUES.
Since calls for support requests are almost always handled with a live representative, Acorn’s average response time is
normally less than 5 minutes. However, in the rare event of a call back or on-site support is needed: Acorn shall be
prepared to provide support for Customer’s System maintenance, including remote access, telephone, and on-site help
when necessary, per the following schedule:
Response Schedule
Telephone callback:
Monday - Friday 7am-7pm 30 minutes
All other times 60 minutes
Remote access assistance from qualified technician logging into Network, computer
or server:
Monday - Friday 7am-7pm 30 minutes
All other times 60 minutes
On-Site Service from time of first contact:
Monday - Friday (9am-4pm) 4 hours
After Hours M-F (4pm-11pm) 6 hours
After Hours M-F (6am-9am) 6 hours
Weekend & Holiday (6am-11pm) 6 hours
All other times As Available
DESCRIBE THE PROCESS UTILIZED FOR SCHEDULING DOWN TIME FOR ROUTINE MAINTENANCE. HOW OFTEN IS DOWNTIME ANTICIPATED TO
OCCUR? HOW IS DOWN TIME COMMUNICATED TO CLIENTS?
Acorn Account Managers work closely with their designated client contacts to schedule planned maintenance windows.
Acorn schedules regular maintenance windows on a monthly basis, often two weeks after Microsoft releases its
updates. This is generally communicated to clients via regular emails that go out to all points of contact as requested by
the client. The client is given the opportunity to approve or reschedule the maintenance window. These windows are
used for Microsoft updates, 3rd party application updates, as well as firmware updates. In situations where a zero-day
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 27 of 45
patch is recommended, Acorn Account Managers will reach out to each individual client via their preferred method to
schedule the maintenance window at the earliest possible time that is least impactful for the client. If work is needed on
server infrastructure or an end user's machine, Acorn can accommodate an after hours schedule, so while the client is
closed, Acorn can be working on the systems. After the completion of a maintenance window, Acorn can reach out and
notify the client via email, phone or other means.
DESCRIBE HOW THE FIRM WOULD ASSIST WITH THE DISTRICT'S STRATEGIC PLANNING EFFORTS TO ENSURE THAT THE IT INFRASTRUCTURE
RETAINS ITS EFFICIENCY AND RELIABILITY.
Planning and Project Management: Acorn will use the documentation generated in the onboarding assessment to
develop the IT Roadmap for the District. The road map becomes the basis for all other technical decisions and must
become the guiding principles for staffing, application development/selection, infrastructure, and other key strategic
decisions. This includes the development of a five year replacement schedule for its computers, servers, and network
equipment. It will also lay out the needs for software upgrades and replacements due to end of life and end of
service/support timelines. Each one of these recommended replacements will have its own project plan that can be
provided to the District for prior approval. These plans include the timeline and assignment of a project manager, technical
resource(s) and the necessary hardware and software needed to complete the project. However, this is really just the tip
of the iceberg of what Acorn calls its “Strategic Planning and Oversight” efforts. This is further expanded upon below:
Acorn will assist with identifying solutions to support District strategic goals. Current and future projects will be reviewed,
and Acorn will offer recommended policies, procedures and standards during and after implementation. Acorn will help
review proposals related to IT services and assist where possible in negotiations. Service recommendations will be
provided as needed to enhance IT services. Assistance will be offered with yearly budget recommendations, identifying
software and hardware needs and looking toward upcoming years for better future planning. Project managers will
provide management of projects as-needed for IT related projects.
This is where the partnership between the Network/Systems Engineers and Account Manager shine. Understanding where
the District is going and ensuring the technical infrastructure and organizational structure is in place to support that.
Acorn’s team has years of experience with other municipalities and public safety organizations allowing us to be able to
forecast changes to ensure solutions are in place to address those needs. Acorn has assessed many organizations
containing a combination of in-house, outsourced, and blended organizational technology structures. Acorn has a critical
eye toward business processes, user experience, and the potential use cases that are most important. This part of the
service provided by Acorn will be the culmination of recommendations to ensure the District is prepared for its
technological future.
Account Managers work with their clients to analyze and develop their budgets on a no-less than annual basis. Acorn often
has a more integral experience with Cities and Police Departments due to the level of engagement it has with its on-going
support model. This experience makes Acorn well suited to perform a high-level analysis of the District’s IT costs with a
comparison to other public, non-public and public safety organizations. Acorn can assist with procurement, leveraging our
relationships with vendors or assisting with purchasing through government agreements already in place, such as Dell and
CDWG. Multiple quotes can be provided to find cost effective one-to-one comparisons when looking to purchase
hardware, software, licensing and services.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 28 of 45
Inventory & Replacement Schedules: Acorn will maintain a documented inventory of all supported devices paired with
their best practice replacement schedule. The Acorn Account Manager will work closely with the District to assist in
budgeting for timely and proactive replacements of end of life or failing hardware.
PROPOSE A STRATEGY FOR MAJOR APPLICATION UPGRADES.
When an application upgrade is determined to be necessary, by either end of life, new functionality requirements,
security concerns, or customer preference, Acorn takes the following approach.
1) Work with the application vendor to determine system requirements including hardware, network, bandwidth,
data, security, etc. Once the requirements are determined Acorn will work with the district to ensure all the
requirements have been put in place. If the requirements are not already available, Acorn will put together the
necessary project plan and budget to implement the requirements.
2) Once the system requirements are put in place Acorn will work with the application vendor for the development
of the test environment, software installation, application data migration, and necessary configurations.
3) Once the test environment is in place Acorn will work with designated users from the District and the application
vendor to test the systems to ensure data integrity and application functionality.
4) Once the district is satisfied with the testing, Acorn will work with the application vendor to perform a complete
data migration, shut down access to the old system and provide the necessary users with access to the new
system. Acorn will work with the application vendor to provide the District with the necessary user training to
know how to use the system as intended and will also be available to the District to troubleshoot typical follow
up issues that will need to be dealt with.
5) Acorn will then ensure that the new systems are set up within Acorn's monitoring tools, the data/servers are
properly being backed up, the proper network security measures are in place, and the documentation is
updated to reflect the new application/systems.
6) Lastly, when the customer deems the old system is no longer needed, Acorn will go through the process of
decommissioning the old system and archiving its data in case it’s needed in the future
DESCRIBE THE FIRM'S RECOMMENDED DISASTER RECOVERY STRATEGY, AND EXPLAIN HOW THE STRATEGY IS UNIQUE TO GOVERNMENT
AGENCIES.
System Backup: On-site backup: Acorn recommends and performs automatic backups of entire server images, including
operating system, applications, and data so that in the event of a fatal malfunction, the system can be restored either on
that original hardware, or on different hardware without requiring reinstallation, thereby minimizing downtime.
Depending on the server’s functionality and rate of data change, incremental backups should be taken multiple times
per day, but no less than 4 times per day. Not only does this backup allow for full server restoration, but it also allows
for granular file level recovery. The retention policy for the backup images can be easily modified to meet the District’s
requirements as long as there is sufficient storage capacity available on and off-site.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 29 of 45
Off-site backup: Acorn also recommends having full server images along with incremental images backed up to Acorn’s
data center or to one of the District’s other sites as soon as the backup image is completed and verified.
Acorn is familiar with and has managed a variety of backup and Disaster recovery software solutions including Veeam.
Acorn often recommends and utilizes StorageCraft’s ShadowProtect for server backups to reduce costs as compared to
other backup solutions.
Disaster Recovery Solution: In addition to backups, Acorn highly recommends the District consider a disaster recovery
solution that would meet its desired Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). Acorn can
assist the District for the development of an implementation of a disaster recovery plan and solution that meets these
objectives. Acorn offers various disaster recovery solutions to help guide an organization in the event of a disaster and
to effectively reestablish critical business operations within the shortest possible period of time, with minimal or no loss
of data. Solutions range from basic server backups to fully live hot site failover capability.
For the District, Acorn will recommend options that would allow for the implementation of a disaster recovery solution
that would have a combination of fully live replicated servers in addition to backup images that are “pre-restored” in a
manner that could significantly reduce the time to restoration. This solution should be able to utilize existing hardware
onhand and could greatly reduce the recovery time objective (RTO) and recovery point objective (RPO) of the District.
The restoration process is often built into the backup software solution.
DESCRIBE HOW THE FIRM DETERMINES WHEN SOFTWARE UPGRADES ARE NECESSARY.
Acorn believes regular maintenance updates are critical to the efficiency, security, and reliability of the District's
systems, as mentioned earlier in this section. This includes, schedule application upgrades when software vendors
determine a piece of software is approaching either end of life, the client determines new or different functionality is
required, there are security concerns with the software, or based on client preference.
DESCRIBE ANY SERVICES PROVIDED BY THE FIRM (BEYOND THOSE LISTED IN THE SCOPE OF SERVICES) THAT MAY BE OF INTEREST TO THE
DISTRICT, SUCH AS AUDIO VISUAL SERVICES.
The District’s RFP has been quite thorough, however, there are some services Acorn provides that are not listed in the
RFP. This include:
Risk Assessments: Acorn regularly conducts IT Risk Assessments both internal to clients and on behalf of CPA firms for
various organizations in and around Southern California. The exposure to IT controls and risk management protocols in
place, that are gauged during these assessments, gives us a better insight to what audit firms look for. Our experience
allows Acorn to develop our own internal set of questions, processes, and procedures to help ensure a more
comprehensive review. In addition, our core competency with years of experience providing professional IT services to
customers with our robust and expansive team of individuals allows us to provide industry driven, cost effective
solutions and recommendations within a quick turnaround period.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 30 of 45
Risk Assessment of IT controls are typically focused on:
● Physical security infrastructure and environmental controls
● Logical access to data, policies and procedures for obtaining access to data
● Change management process
● Backup and recovery infrastructure, policies and procedures
● Disaster Recovery and business continuity planning
● System development and acquisition
● Network controls
● End user computing, policies and procedures
● Destruction of data
● Organizational security & incident response.
The process involves conducting interviews with IT staff and management personnel to review change controls,
documentation, policies, and procedures to identify deficiencies and provide recommendations for remediations.
Acorn’s risk assessment questions align with NIST 800-30 standards and allow us to gain a more comprehensive
approach to practical remediations and identifying gap analysis deficiencies. Acorn will prioritize these findings based
on criticality, including an expanded definition of the risk and explanation of the impact to the organization.
Vulnerability Scans: As a complimentary service to its Risk Assessments, Acorn performs vulnerability scans for its clients.
Acorn utilizes specialized tools to scan the District network, inside and out, to identify technical system weaknesses. This
includes a systematic audit of available services, searching for known deficiencies in the network, operating systems, and
application layers. We identify the vulnerabilities, share the details with our clients, and suggest specific corrective
measures. Recommendations are prepared in a way that enables them to be interpreted and utilized by both the
management and technical professionals on your team.
Data Center Services: Acorn owns and operates its own data center along with having co-location space within the world
renowned Switch facility within Las Vegas NV, which allows customers to take advantage of reduced costs for hosting, off-
site disaster recovery solutions, and the utilization of Acorn hosted services such as SPAM filtering and content filtering in
the event the District would like these services
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 31 of 45
7) MONITORING
DESCRIBE THE TOOLS AND STRATEGIES USED TO MONITOR AND ENSURE THE STABILITY OF IT SYSTEMS.
Acorn maintains a 24/7 monitoring system; using a combination of proprietary and third-party monitoring software that
are used by Acorn representatives in real-time to monitor our customer’s systems 24/7/365. These tools include but are
not limited to Nagios, PagerDuty, Cacti, MRTG, Datto RMM, and other application based email alerts. Acorn monitors
health and performance of the network, to ensure servers, network devices, internet, VPN connections, UPS power,
circuits, and bandwidth are performing as expected. Acorn sets thresholds for different monitoring parameters based on
which alerts are generated, and Acorn’s 24/7 staff will quickly detect, diagnose, and address system outages and
performance issues.
Additionally, Account Managers and Technical Service Representatives are on call 24/7 and utilize the monitoring system
to assure that Customer’s connectivity, latency and usage are within expected and acceptable tolerances. The critical
system infrastructure being monitored includes but is not limited to: Internet services, servers, firewalls, switches, UPSs,
wireless access points, bandwidth, network traffic, storage devices, etc.
DESCRIBE HOW THE RESULTS OF MONITORING WOULD BE REPORTED TO THE DISTRICT.
Acorn has monitoring tools in place to provide warnings when systems fall outside of certain thresholds, alerts for
predictive failures, and alarms for outages. These systems allow Acorn to be proactive (where possible) to address issues
before they become problems and address problems before they become crises. This helps reduce downtime, less
interruption to District services, and improved quality of service to the District's constituents. These efforts result in cost
savings to the District. These systems are monitored by both people and automated systems with redundancy built in to
reduce the likelihood that a critical alert is missed due to human or computer error. The alerts generated from the various
monitoring platforms are reported to the District in a variety of ways depending on criticality. If it is critical then Acorn
will reach out via telephone to the District point of contact 24/7 based on the District’s direction. Otherwise, alerts,
outages, or service interruptions can be communicated via email, specified reports, or in the regularly scheduled meetings
with the Account Manager, whichever the District prefers.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 32 of 45
8) DOCUMENTATION AND RECORDS
DESCRIBE HOW THE FIRM WOULD DOCUMENT ALL MAINTENANCE WORK, SYSTEM PERFORMANCE, AND ANY CHANGES MADE TO DISTRICT
SYSTEMS.
Acorn will develop and maintain complete documentation on all network information such as system inventory, software
licenses, vendors, network diagrams, and system configuration. Acorn documents processes, so the District will be able
to work with any of its technicians for assistance and to ensure no critical information is dependent on one or two people.
This not only allows for improved service to the District, but prevents the District from ever being “held hostage” by its IT
provider. If the District is ever dissatisfied with Acorn, the District has the information necessary to request competitive
bids from 3rd party providers with even more comprehensive information than was provided within this proposal.
The “how“ part of the documentation is fairly simple. We have baked into our process that all work performed is done
with a ticket that describes the work to be done, the time the technician puts into the work, and the specific details the
technician performs. This information is always within our ticketing system. That is really just the beginning of the
documentation process. Acorn utilizes a documentation platform called IT Glue. This tool is instrumental in providing a
repository for Acorn to document all critical systems, important technical details, diagrams, application information,
networking equipment, licensing, IP addresses, network configurations, how to articles for tutorials, vendor contact
information, expirations for licensing, domains, warranties, security certificates, etc., and so much more!
Tickets are created for alerts that are generated from our various monitoring systems. These tickets are then assigned
to technicians to investigate the matter and document their findings and the work they performed. This becomes the
necessary documentation for the system performance and changes made to the district systems.
Lastly, Acorn’s remote monitoring and management tool, Datto RMM, maintains an inventory of all computers and
servers under support, the software installed on these systems, and a log of remote access.
DESCRIBE HOW THE FIRM WOULD RETAIN DOCUMENTATION RELATED TO CONTRACTED WORK. WILL THIS DOCUMENTATION BE MADE
AVAILABLE TO THE DISTRICT THROUGHOUT THE CONTRACT PERIOD?
The documentation is retained within the ticketing system, the RMM tool and most importantly in IT Glue. The way
Acorn “sees it” is that the documentation generated has been paid for by the District, it is about the District’s assets and
procedures, it is critical information needed to support the District, therefore, it is the District’s. As such, Acorn will
deliver to the District, usually within 90-120 days after the initial onboarding, a complete set of documentation for the
district to have. Additionally, Acorn may be able to work out for the district to have remote access to the information in
IT Glue as needed. As noted above: This not only allows for improved service to the District, but prevents the District
from ever being “held hostage” by its IT provider. If the District is ever dissatisfied with Acorn, the District has the
information necessary to request competitive bids from 3rd party providers with even more comprehensive information
than was provided within this proposal.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 33 of 45
DESCRIBE HOW THE FIRM WOULD MAINTAIN CONFIDENTIALITY IN STRICT CONFORMANCE WITH CONFIDENTIALITY LAWS AND REGULATIONS.
Acorn handles this in a multitude of ways. First off, all employees sign a strict confidentiality agreement before they
begin their employment. Secondly all technicians, project managers, and account managers must undergo a indepth
Department of Justice background check to ensure there is no history of crime, fraud, or even bad credit that would
potentially cause them to be at risk. Additionally, Acorn team members participate in regular training sessions that
address things like client confidentiality on a no less than annual basis. Lastly, some of our clients have additional
confidentiality agreements that they would like the Acorn team members to sign. This is often done with law
enforcement agencies, health care clients, CPA firms, and law firms. If the District would like to have an agreement like
this in place, Acorn would be willing to review and work with its team members to agree.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 34 of 45
9)DISTINGUISHING CHARACTERISTICS
While many firms deliver IT services, Acorn has worked diligently to develop points of distinction that help distinguish us
from the competition!
Acorn has worked hard to craft different approaches to reduce the roadblocks and challenges to outsourcing the IT
function. These efforts center around being proactive, reducing downtime, increasing available expertise to the
customer, increasing transparency, and, most importantly, reducing costs. In addition to Acorn’s flexible approach to
providing a blend of both on-site and remote support solutions, Acorn offers some unique features to its service model
that help reduce costs, reduce downtime, reduce staff time, and increase efficiencies. While some of these were
mentioned earlier in the proposal, here is a list of these innovative approaches.
24/7/365 Live Human Support: When you call Acorn, you ALWAYS get a live human answering your call. While Acorn
staffs a 24/7/365 team of technicians, not all clients feel the need to pay for the associated costs. Since Acorn’s other
clients in law enforcement, healthcare, public safety, (as well as our clientele in Germany) already pay for that extra
coverage. Since Acorn is already staffed for this service, Acorn provides this level of service to all of its clients at no extra
charge! We know that when an emergency happens or your team is working on some late night deadline and you need
IT support, you will be happy the Acorn team is there!
System Monitoring: Acorn has monitoring tools in place to provide warnings when systems fall outside of certain
thresholds, alerts for predictive failures, and alarms for outages. These systems allow Acorn to be proactive (where
possible) to address issues before they become problems and address problems before they become crises. This helps
reduce downtime, less interruption to District services, and improved quality of service to the District's constituents.
These efforts result in cost savings to the District. These systems are monitored by both people and automated systems
with redundancy built in to reduce the likelihood that a critical alert is missed due to human or computer error. The alerts
generated from the various monitoring platforms are reported to the District in a variety of ways depending on criticality.
If it is critical then Acorn will reach out via telephone to the District point of contact 24/7 based on the District’s direction.
Otherwise, alerts, outages, or service interruptions can be communicated via email, specified reports, or in the regularly
scheduled meetings with the Account Manager, whichever the District prefers.
Documentation: Acorn will develop and maintain complete documentation on all network information such as system
inventory, software licenses, vendors, network diagrams, and system configuration. Acorn documents processes, so the
District will be able to work with any of its technicians for assistance and to ensure no critical information is
dependent on one or two people. This not only allows for improved service to the District, but prevents the District
from ever being “held hostage” by its IT provider. If the District is ever dissatisfied with Acorn, the District has the
information necessary to request competitive bids from 3rd party providers with far more comprehensive information
than was provided within this proposal.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 35 of 45
Procurement Services: Always get the best price Acorn can source...Never a markup on any hardware and take advantage
of Acorn’s buying power to procure the best rates. Acorn provides or augments the vendor management and
procurement services typically handled by District staff. Acorn leverages its buying power and passes the savings on to
its clients. Acorn also works with government cooperative agreements and specific government vendors to ensure the
District gets the best price for its hardware and software needs. This frees up District staff time, reduces costs, and
reduces the likelihood that a non-technical District staff member ends up procuring the incorrect equipment. Acorn
NEVER marks up hardware or software, so the client always gets the best price Acorn can acquire.
Depth and Breadth of Talent: Acorn has a team of over 50 amazing people who work daily to meet and exceed the
expectations of our clients. By utilizing Acorn’s remote support and not solely depending on the on-site
individuals, customers take advantage of the diverse range of talents possessed by Acorn’s technical team.
Everything from low voltage cabling and desktop support to more skilled expertise like strategic planning and disaster
recovery solution design and implementation are available. This reduces the need for additional third party vendors,
thereby reducing District costs.
Data Center Services: Acorn owns and operates its own data center along with having co-location space within the world
renowned Switch facility within Las Vegas NV, which allows customers to take advantage of reduced costs for hosting,
off-site disaster recovery solutions, and the utilization of Acorn hosted services such as SPAM filtering and content
filtering in the event the District would like these services.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 36 of 45
10)FEES
Acorn Technology Services normally delivers its services and solutions through a flat fee model or, if specifically
requested, on an hourly model based on time and materials. Most clients prefer a flat fee that encompasses all of
Acorn’s scope of services as opposed to the time and material method, since it allows the client to more easily budget
for predictable expenses. This approach assures customers that our objectives are aligned: “when the customer has
fewer problems, Acorn’s margins improve;” as opposed to the opposite approach where Acorn makes more money the
more problems the customer has. This ensures the incentive to be proactive and preventative is in place. No matter
what model best suits the District, there will be no “surprise charges” as any additional charges will require an approval
via Change Order. All services will be detailed in the monthly invoice for easy reference.
Based on the information provided within the proposal, the initial one-time assessment described within the Proposal,
Acorn will provide a team of people to perform the initial assessment, documentation, and provide recommendations, for
the flat rate of $6,775.
With the combination of the flat fee model and the remote helpdesk, Acorn can effectively support all of the District’s IT
needs on a 24/7 basis, take ownership of user-generated trouble tickets as they arise, as well as coordinate more
effectively with District staff and outside equipment and software vendors to implement new technologies and see
projects through to completion, all at a predictable flat rate. This includes working with vendors for set up,
troubleshooting, updating and maintaining supported systems…..all of the items listed within this proposal.
If the District commits to a 2 Year Term or 3 Year Term, the monthly fee is discounted as noted in the chart below.
Flat Monthly Fee Model
Term Monthly Rate
1 Year $4,375/mo
2 Year $4,155/mo
3 Year $3,935/mo
The Monthly Fee options were based on the quantities of supported devices as listed below for the systems and
infrastructure at the District. With more accurate information and/or should there be an opportunity for consolidation,
Acorn will adjust the Monthly Fee accordingly.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 37 of 45
Devices Priced into the Above Flat Monthly Fee Pricing:
Quantity Devices
~55 Users
18 Desktop Computers
25 Laptop Computers
5 Servers (Physical)
12 Servers (Virtual)
2 SAN
2 LAN Infrastructure
1 Firewall/Routers
4 Wireless Access Points
6 Switches
TBD Virtual Private Network (VPN)
4 Networked Copiers/Printers
30 Mobile Devices and Tablets
OPTIONAL FEES:
Additional devices can be added to the support agreement at the following rates:
MRC per Addition Monthly Rate Increase
MRC per Computer $60.00/mo
MRC per Server $150.00/mo
MRC per Network $150.00/mo
MRC per Mobile Device $10.00/mo
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 38 of 45
The following are flat rate charges for other Ad-hoc services:
Flat Fee per Addition One-Time Installation Fee
Flat Fee per Computer $250.00
Flat Fee per Server $1500.00
The following are hourly rate charges for Ad-hoc services not included within the scope of work:
Technician Experience Level Hourly Rate
Tier 1 Technician (TSR1) – End User Desktop Support
Tier 2 Technician (TSR2) – Systems Administrator
Project Managers (PM) – Project Planning and Managing
Tier 3 Technician (TSR3) – Network Engineer
$90.00/hour
$125.00/hour
$125.00/hour
$145.00/hour
Escalation Contractor fees: The rates listed in the chart above are applicable 24/7/365. Acorn does not charge
any additional rates for escalation.
Fees related to disaster recovery: Unless the District chooses to leverage Acorn’s data center services to facilitate
off-site disaster recovery, then there will be no additional charges to support the customer’s existing disaster
recovery solution.
Fees for emergency response and after-hours work: The rates listed in the chart above are applicable 24/7/365.
Acorn does not charge any additional rates for emergency response or after-hours work.
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 39 of 45
APPENDIX A - LETTERS OF RECOMMENDATION
LETTER OF RECOMMENDATION FROM CHIEF DAVID POVERO AT THE CITY OF COVINA POLICE DEPARTMENT
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 40 of 45
LETTER OF RECOMMENDATION FROM CHIEF ALAN SANVICTORES AT THE CITY OF MONROVIA POLICE DEPARTMENT
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 41 of 45
LETTER OF RECOMMENDATION FROM INTERIM CHIEF BRIAN SOLINSKY AT THE CITY OF SOUTH PASADENA POLICE DEPARTMENT
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 42 of 45
LETTER OF RECOMMENDATION FROM LAUREN VASQUEZ AT THE CITY OF MONROVIA
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 43 of 45
LETTER OF RECOMMENDATION FROM LUCY DEMIRJIAN AT THE CITY OF SOUTH PASADENA
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 44 of 45
LETTER OF RECOMMENDATION FROM GILBERT VILLALPANDO AT THE CITY OF LA QUINTA
COSTA MESA SANITARY DISTRICT PROPOSAL – INFORMATION TECHNOLOGY ASSESSMENT
Page 45 of 45
LETTER OF RECOMMENDATION FROM OLIVER CHI AT THE CITY OF HUNTINGTON BEACH